CentOS 7 中使用NTP进行时间同步

前端之家收集整理的这篇文章主要介绍了CentOS 7 中使用NTP进行时间同步前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

1. NTP时钟同步方式说明
NTP在linux下有两种时钟同步方式,分别为直接同步和平滑同步:
直接同步
使用ntpdate命令进行同步,直接进行时间变更。如果服务器上存在一个12点运行的任务,当前服务器时间是13点,但标准时间时11点,使用此命令可能会造成任务重复执行。因此使用ntpdate同步可能会引发风险,因此该命令也多用于配置时钟同步服务时第一次同步时间时使用。
平滑同步
使用ntpd进行时钟同步,可以保证一个时间不经历两次,它每次同步时间的偏移量不会太陡,是慢慢来的,这正因为这样,ntpd平滑同步可能耗费的时间比较长。

标准时钟同步服务
http://www.pool.ntp.org/zone/cn网站包含全球的标准时间同步服务,也包括对中国时间的同步,对应的URL为cn.pool.ntp.org,在其中也描述了ntp配置文件中的建议写法:
server 1.cn.pool.ntp.org
server 3.asia.pool.ntp.org
server 2.asia.pool.ntp.org

2. 环境情况
准备四台电脑,分别为:

IP 用途
192.168.11.212 ntpd服务器,用于与外部公共ntpd同步标准时间
172.16.248.129 ntpd客户端,用于与ntpd同步时间
172.16.248.130 172,16,248.131 ntpd客户端,用于与ntpd同步时间

3. 检查服务是否安装

  • 使用rpm检查ntp包是否安装
[root@localhost kevin]# rpm -q ntp
ntp-4.2.6p5-19.el7.CentOS.3.x86_64
  • 如果已经安装则略过此步,否则使用yum进行安装,并设置系统开机自动启动并启动服务
[root@localhost kevin]# yum -y install ntp
[root@localhost kevin]# systemctl enable ntpd
[root@localhost kevin]# systemctl start ntpd

4. 设置ntp服务器: 192.168.11.212

配置前先使用命令:ntpdate -u cn.pool.ntp.org,同步服务器

# For more information about this file,see the man pages
# ntp.conf(5),ntp_acc(5),ntp_auth(5),ntp_clock(5),ntp_misc(5),ntp_mon(5). driftfile /var/lib/ntp/drift # Permit time synchronization with our time source,but do not # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery  # Permit all access over the loopback interface. This could # be tightened as well,but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap restrict 172.16.248.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  server 2.cn.pool.ntp.org server 1.asia.pool.ntp.org server 2.asia.pool.ntp.org  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 允许上层时间服务器主动修改本机时间 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery  server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # ntp.conf(5),0);">fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor driftfile /var/lib/ntp/drift # Permit time synchronization with our time source,0);">fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Permit time synchronization with our time source,0);">fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery  # Permit all access over the loopback interface. This could # be tightened as well,0);">fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor restrict default nomodify notrap nopeer noquery  # Permit all access over the loopback interface. This could # be tightened as well,0);">fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Permit all access over the loopback interface. This could # be tightened as well,0);">fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Permit all access over the loopback interface. This could # be tightened as well,0);">fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # be tightened as well,0);">fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # the administrative functions. restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #server 0.centos.pool.ntp.org iburst  fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 允许上层时间服务器主动修改本机时间 fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 允许上层时间服务器主动修改本机时间 fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 允许上层时间服务器主动修改本机时间 fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 允许上层时间服务器主动修改本机时间 fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 允许上层时间服务器主动修改本机时间 fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 允许上层时间服务器主动修改本机时间 fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #manycastclient 239.255.254.254 autokey # manycast client # 允许上层时间服务器主动修改本机时间 fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # 允许上层时间服务器主动修改本机时间 fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor fudge 127.0.0.1 stratum 10  # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Enable public key cryptography. #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #crypto  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor disable monitor

修改完成后重启ntpd服务systemctl restart ntpd


使用ntpq -p 查看网络中的NTP服务器,同时显示客户端和每个服务器的关系


使用ntpstat 命令查看时间同步状态,这个一般需要5-10分钟后才能成功连接和同步。所以,服务器启动后需要稍等下:
刚启动的时候,一般是:

# ntpstat 
unsynchronised
  time server re-starting
   polling server every 64 s

连接并同步后:

# ntpstat 
synchronised to NTP server (202.112.10.36) at stratum 3
   time correct to within 275 ms
   polling server every 256 s

5. 设置ntp客户端: 172.16.248.129|130|131

安装ntp服务并设置为自动启动,和前面的设置方式相同。然后编辑/etc/ntp.conf文件,红色字体为变化的内容

server 172.16.248.1  restrict 172.16.248.1 nomodify notrap noquery  server 127.0.0.1 fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # ntp.conf(5),0);">fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  driftfile /var/lib/ntp/drift  # Permit time synchronization with our time source,0);">fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  driftfile /var/lib/ntp/drift  # Permit time synchronization with our time source,0);">fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Permit time synchronization with our time source,0);">fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Permit time synchronization with our time source,0);">fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery  # Permit all access over the loopback interface. This could # be tightened as well,0);">fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  restrict default nomodify notrap nopeer noquery  # Permit all access over the loopback interface. This could # be tightened as well,0);">fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Permit all access over the loopback interface. This could # be tightened as well,0);">fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Permit all access over the loopback interface. This could # be tightened as well,0);">fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # be tightened as well,0);">fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # the administrative functions. restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  restrict 127.0.0.1 restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  restrict ::1  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #server 0.centos.pool.ntp.org iburst  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  fudge 127.0.0.1 stratum 10  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #manycastclient 239.255.254.254 autokey # manycast client  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #crypto includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  includefile /etc/ntp/crypto/pw  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # with symmetric key cryptography. keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  keys /etc/ntp/keys  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Specify the key identifiers which are trusted. #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #trustedkey 4 8 42  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Specify the key identifier to use with the ntpdc utility. #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #requestkey 8  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Specify the key identifier to use with the ntpq utility. #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #controlkey 8  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  #statistics clockstats cryptostats loopstats peerstats  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor  disable monitor  

重启ntpd服务

#systemctl restart ntpd

启动后,查看同步情况

# ntpq -p
# ntpstat 

因为是内网,一般ntpstat很快就可以同步上。

原文链接:https://www.f2er.com/centos/375596.html

猜你在找的CentOS相关文章